The Lippard Blog

Sunday, March 12, 2017

Rep. Tom Graves (R-GA14) has circulated a draft bill, the "Active Cyber Defense Certainty Act" (or ACDC Act), which amends the Computer Fraud and Abuse Act (18 USC 1030) to legalize certain forms of "hacking back" for the purposes of collecting information about an attacker in order to facilitate criminal prosecution or other countermeasures.

The bill as it currently stands is not a good bill, for the following reasons:

1. It ignores the recommendations in a recent report, "Into the Gray Zone: Active Defense by the Private Sector Against Cyber Threats," from the Center for Cyber & Homeland Security at the George Washington University. This report distinguishes between low-risk active defense activities within the boundaries of the defender's own network, such as the use of deceptive technology (honeypots, honeynets, tarpitting), the use of beaconing technology to provide notifications in case of intrusions, and research in deep and dark web underground sites, on the one hand, and higher-risk active defense activities such as botnet takedowns, sanctions and indictments, white-hat ransomware, and rescue missions to recover stolen assets, on the other. One of the report's key questions for an active defense measure is "is the active defense measure authorized, whether by an oversight body, law enforcement, or the owner of the affected network?" This bill creates no mechanism for providing particular authorizations (also see points 2 and 3, below).

The "Into the Gray Zone" report also suggests that if a decision is made to authorize the accessing of a remote system (an attacker's system is almost always the system of another victim) for information collection purposes, it should be limited to cases in which a defender can "assert a positive identification of the hostile actor with near certainty, relying on multiple credible attribution methods." This, however, seems too strict a condition to impose.

Finally, however, this report advises that, even without a change in the law, DOJ "should exercise greater discretion in choosing when to enforce the CFAA and other relevant laws, and should provide clarity about how it intends to exercise such discretion. Companies engaging in activities that may push the limits of the law, but are intended to defend corporate data or end a malicious attack against a private server should not be prioritized for investigation or prosecution." (p. 28) The report cites active defense activity by Google in response to hacking from China as an example where there was no prosecution or sanction for accessing remote systems being used by attackers. This proposal seems to me a wiser course of action than adopting this bill. (Also see point 5, below.)

2. It disregards the recommendations from the Center for Strategic and International Studies Cyber Policy Task Force on the subject of active defense. The CSIS Cyber Policy Task Force report contains a short three-paragraph section on active defense (p. 14) which throws cold water on the idea, calling active defense "at best a stopgap measure, intended to address companies’ frustration over the seeming impunity of transborder criminals" and affirming that only governments should be authorized to engage in activities on the high-risk side, and that it is their responsibility to coordinate and engage in such activity. It does offer up a possibility for a proposal that allows accessing remote systems by private parties in its last sentence: "Additionally, the administration could consider measures, carried out with the prior approval of federal law enforcement agencies (most likely requiring a warrant to enter a third-party network) to recover or delete stolen data stored on servers or networks under U.S. jurisdiction." This bill does not require approval from federal law enforcement agencies or a warrant for accessing remote systems or networks, and jurisdiction is only implicit.

3. While the proposal in the bill resembles a proposal made in a Mercatus Center at George Mason University proposal by Anthony Glosson, it adopts the carrot element of the proposal while neglecting the stick. Glosson's proposal is that, like this bill, private parties should be permitted to access remote attacking systems in order to collect information ("observation and access"), but not to engage in "disruption and destruction." However, Glosson suggests three requirements be present to make such access and information collection permissible, and if those requirements are not present, that there be "stiff statutory damages" imposed. The bill omits any statutory damages, and imposes only one of Glosson's three requirements (though a previous version of the bill included the second). Glosson's three requirements are (1) that the defender's actions are limited to observation and access, (2) that the attacker was routing traffic through the defender's network at the time of the active defense action, and (3) that obtaining the owner of the attacking system's cooperation at the time of the attack was impractical. This third criterion is a critical one, and a good way to observe the undesirability of this bill is to imagine that you are the owner of the intermediary system used by the attacker to go after a third party--what would you want that third party to be able to do with your system without your permission or consent?

4. The bill appears to have been somewhat hastily written and sloppily updated, failing to update a persistent typographical error ("the victim' [sic] own network") through its revisions, and the current version seems to be somewhat incoherent. In its current form it is unlikely to meet its short title objective of encouraging certainty.

The current version of the bill makes it legal for a victim of a "persistent unauthorized intrusion" to access "without authorization the computer of the attacker to the victim' [sic] own network to gather information in order to establish attribution of criminal activity to share with law enforcement or to disrupt continued unauthorized activity against the victim's own network," so long as this does not destroy information on the system, cause physical injury, or create a threat to public health or safety.

The phrase "without authorization the computer of the attacker to the victim's own network" doesn't make sense [it should say "attacker of" or "attacker against"], and appears to be the result of poor editing from the prior version of the bill, which made permissible accessing "without authorization a computer connected to the victim' [sic] own network", with the rest of the text remaining the same. This prior wording apparently attempted to thread the needle of the GWU "Into the Gray Zone" report by defining the accessing of a remote system as being within the boundaries of the defender's own network, and thus on the low-risk side of the equation. However, the wording "connected to the victim's own network" is ambiguous and unclear--does it mean directly connected (e.g., to a WiFi access point or LAN port on a switch), in which case this is much less useful, or does it mean any active session flow of packets over the Internet into the victim's network (similar to Glosson's second requirement)? The latter is the more reasonable and charitable interpretation, but it should be made more explicit and could perhaps be too strict--what happens if the attacker disconnects just moments before the active defense activity begins?

Left unsaid in the bill is what can be done with information collected from the attacking system, which might include information belonging to other victims, the exposure of which could cause harm. Presumably other remedies from other statutes would exist if a defender engaged in such exposure, but it seems to me that this bill would be improved by making the parameters of permissible action more explicit and restrictive. Perhaps the current wording limits actions to information sharing with law enforcement and reconfiguration of one's own defensive systems based on the collected information, but "to disrupt continued unauthorized activity against the victim's own network" is a purpose that could be achieved by a much broader set of actions, which could cause harm to other victims.

5. It's not clear that the bill is necessary, given that security researchers are today (as they have been for years) taking steps to access infrastructure used by malicious cyber threat actors in order to monitor their activity and collect intelligence information. They are already making legal and regulatory risk decisions which incorporate the existing CFAA, and deciding to proceed anyway.

UPDATE (March 14, 2017): Robert Chesney wrote a good critique of the bill at the Lawfare blog, "Legislative Hackback: Notes on the Active Cyber Defense Certainty Act discussion draft," in which he points out that the word "persistent" is undefined and vague, notes that "intrusion" excludes distributed denial of service attacks from permissible cases of response under this bill, and wisely notes that there may be multiple computers in an attack chain used by the attacker, while the bill is written as though there is only one. (It is also noteworthy that an attacking IP could be a firewall in front of an attacking machine, and a response attempting to connect to that IP could be redirected to a completely different system.) Chesney also questions whether destroying information is the right limit on responsive activity, as opposed to altering information (such as system configurations). He also notes that the restrictions for destruction, physical injury, and threats to public health and safety are probably insufficient, noting as I did above that there could be other forms of harm from disseminating confidential information discovered on the attacking system.

I think a more interesting bill that would create incentives for companies to invest in security and to appropriately share information about attacks (rather than trying to hide it) would be a bill that created a safe harbor or liability limits for a company whose systems are used to attack third parties, if they have taken certain precautionary measures (such as having patched all known vulnerabilities more than 30 days old, and having a continuous monitoring program) and if they also share in a timely manner information about their breach.

UPDATE (May 25, 2017): Rep. Graves has released a version 2.0 of his bill which is vastly improved, addressing almost all of my concerns above. The new Sec. 2 of the bill puts the use of beaconing technology on a sound legal footing, which is consistent with the recommendations of the CSIS "Into the Gray Zone" report. The new Sec. 4 of the bill requires notification of the FBI, which, while it isn't notification of or deferral to the organizations that have their own cyber defense teams to protect and investigate their own compromised infrastructure, might effectively serve the same purpose, and it also provides a deterrent to irresponsible active defense. The core of the former bill, Sec. 3, has been revised to limit what can be done, so that now taking or exposing content on the attacker machine belonging to other parties would not be permissible. And there is also a new Sec. 5 of the bill, which sunsets it after two years. I cautiously support the new bill as a potentially useful experiment.

Thursday, February 16, 2017

But when Trump’s draft executive order on cybersecurity emerged last week, it surprised the cybersecurity world by hewing closely to the recommendations of bipartisan experts—including one commission assembled by the Obama administration.

The positive remarks, instead, were for a revised version of the cybersecurity executive order which was verbally described to reporters on the morning of January 31, the day that the signing of the order was expected to happen at 3 p.m., after Trump met for a listening session with security experts. The signing was cancelled, and the order has not yet been issued, but a draft subsequently got some circulation later in the week and was made public at the Lawfare blog on February 9.

This executive order contains recommendations consistent with both the Cybersecurity Commission report and the CSIS Cyber Policy Task Force report, mandating the use of the NIST Cybersecurity Framework by federal agencies, putting the Office of Management and Budget (OMB) in charge of enterprise risk assessment across agencies, promoting IT modernization and the adoption of cloud and shared services infrastructure, and directing DHS and other agency heads to work with private sector critical infrastructure owners on defenses.

One key thing it does not do, which was recommended by both reports, is elevate the White House cybersecurity coordinator role (a role which the Trump administration has not yet filled, which was held by Michael Daniel in the Obama administration) to an Assistant to the President, reflecting the importance of cybersecurity. Greenberg's piece seems to assume that Thomas Bossert is in the lead cybersecurity coordinator role, but his role is Homeland Security Advisor (the role previously held by Lisa Monaco in the Obama administration), with broad responsibility for homeland security and counterterrorism, not cybersecurity-specific.

Despite Greenberg's error confusing the two executive orders being pointed out to him on Twitter on February 9, the article hasn't been corrected as of February 16.

Sunday, January 01, 2017

Not much blogging going on here still, but here's my annual list of books read for 2016. Items with hyperlinks are linked directly to the item online (usually PDF, some of these are reports rather than books), with no paywall or fee.

Andreas Antonopoulos, The Internet of Money

Herbert Asbury, The Gangs of New York: An Informal History of the Underworld

Paul Vigna and Michael J. Casey, The Age of Crypto Currency: How Bitcoin and the Blockchain Are Challenging the Global Economic Order

I made progress on a few other books (first four from 2016, one from 2015, next three from 2014, next three from 2013, last two still not finished from 2012--I have trouble with e-books, especially very long nonfiction e-books):

Michal Zalewski, The Tangled Web: A Guide to Securing Modern Web Applications

Top ten for 2015: Browder, Chernow, Coleman, Ronson (Shamed), Schneier, Phillips, Nisbett, Ortega, Miller and Shales, Thaler. I bought and read Bardin's book because Richard Bejtlich identified it as a "train wreck," and it was.

Monday, November 23, 2015

I've been using OpenBSD since way back at release 2.3 in 1998, so I've gone through upgrades that took a fair amount of work due to incompatible changes, like the switch from ipf to pf for host firewalling or the change to ELF binaries. The upgrade from 5.7 to 5.8 was a pretty smooth and easy one, for the most part. The two most painful changes for me were the replacement of sudo with doas and the dropping of support in the rc.conf for the pf_rules variable. While sudo is still available as a package, I like the idea of reducing attack surface with a simpler program, so I made the switch. The two things I miss most about sudo are the ability to authenticate for a period of time and the ability to have a single config file across a whole set of servers. The former I'm just living with, the latter I've adjusted to by having a single config file that has lines commented out depending on which server it's on. I did have one moment of concern about the quality of doas when it incorrectly reported the line number on which I had a syntax error in the config file--fortunately, this was just a failure to increment the line count on continuation lines (ending with a "\") which is fixed in the -current release.

The removal of the pf_rules variable support from rc.conf was a bigger issue--I used to just put the default pf.conf rules file in place with each release and upgrade, and keep my changes in a pf.conf.local file that was specified in the pf_rules variable. The effect was that from the period after the upgrade until I noticed the change, my systems were using the default rules and thus more exposed than they were supposed to be. This wasn't the first time an incompatible change decreased my level of security--the removal of tcpwrappers support from SSH was another. I used to use a combination of pf rules and hosts.allow as additional layers of protection on my SSH access, and had a set of tools that allowed me to easily add IP addresses to or remove them from my hosts.allow files. This would have been a layer of defense still in place with the loss of my pf rules, had it still been in existence. Fortunately, I also have SSH on a non-standard port and only allow SSH key logins, not user/password logins, and most of my systems can't be reached on any port without first making a VPN connection, which requires two-factor authentication.

A minor annoying change that was made in 5.8 was putting the file /var/unbound/db/root.key into /etc/changelist, so that the file gets checked daily by the security script. The issue with this is that if you are actually using unbound with DNSSEC, this file changes daily, though only in the comments. My "reportnew" log monitoring tool has a feature that allows you to be notified if files that are expected to change on some periodic schedule do not change, and that would be more appropriate than getting daily notifications that yes, the autotrust anchor file has been updated yet again. But what would really be ideal here would be a check that the non-comment components have not changed. (Others have also complained about this.)
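The check the post asks for, one that alerts only when the non-comment content of a file such as the unbound trust-anchor file changes, as an added POSIX shell example that is not from the original post and is not part of OpenBSD's security script. It assumes only sed, cksum and cut from the base system; the file paths and the trust-anchor contents used in the demo are constructed, not a real root key.

```shell
#!/bin/sh
# Added example (not from the original post): compare only the
# non-comment content of a file against a stored baseline, so that a
# file whose comments change daily (like an autotrust anchor file) does
# not raise a daily alert, while a change to an actual record does.
# Assumptions: POSIX sh with sed, cksum and cut available; in the
# autotrust format, ";" starts a comment, including trailing ";;" notes.

# Print the file with comment-only and blank lines removed and any
# trailing ";..." comment stripped, leaving just the record data.
strip_comments() {
    sed -e 's/[[:space:]]*;.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# Digest of the non-comment content. cksum is enough to detect that a
# file you already trust has changed; no cryptographic digest needed.
content_digest() {
    strip_comments "$1" | cksum | cut -d' ' -f1
}

# Record the current non-comment digest of $1 as the baseline in $2.
save_baseline() {
    content_digest "$1" > "$2"
}

# Exit status 0 if the non-comment content of $1 matches the baseline
# digest stored in $2, 1 if it differs, 2 if there is no baseline yet.
check_noncomment_change() {
    file=$1; baseline=$2
    [ -f "$baseline" ] || return 2
    [ "$(content_digest "$file")" = "$(cat "$baseline")" ]
}

# Demo on constructed data shaped like an unbound autotrust anchor file.
# Returns 0 only if a comment-only change passes and a key change fails.
demo() {
    dir=$(mktemp -d) || return 1
    key="$dir/root.key"; base="$dir/root.key.digest"; ok=0
    cat > "$key" <<'EOF'
; autotrust trust anchor file (constructed sample, not a real key)
;;id: . 1
;;last_queried: 1448236800 ;;Sun Nov 22 2015
. 86400 IN DNSKEY 257 3 8 AwEAAexampleKeyDataNotARealKey== ;;state=2 [ VALID ] ;;count=0
EOF
    save_baseline "$key" "$base"

    # Daily run: unbound rewrites only the comment timestamps.
    sed 's/1448236800 ;;Sun Nov 22 2015/1448323200 ;;Mon Nov 23 2015/' \
        "$key" > "$key.new" && mv "$key.new" "$key"
    if check_noncomment_change "$key" "$base"; then
        echo "comment-only change: no alert (correct)"
    else
        echo "comment-only change: ALERT (false positive)"; ok=1
    fi

    # A real change: the key material itself differs.
    sed 's/AwEAAexampleKeyDataNotARealKey==/AwEAAdifferentKeyData==/' \
        "$key" > "$key.new" && mv "$key.new" "$key"
    if check_noncomment_change "$key" "$base"; then
        echo "key change: no alert (MISSED)"; ok=1
    else
        echo "key change: ALERT (correct)"
    fi
    rm -rf "$dir"
    return $ok
}

demo
```

In practice the baseline would be written once after a deliberate trust-anchor rollover and checked from the daily security run, in place of the whole-file comparison that /etc/changelist triggers.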

A final issue I've run into with OpenBSD 5.8 is not a new issue, but it's one that still hasn't been fixed with pf. That is that pf logs certain traffic (IGMP in particular) when it matches a rule that does not call for logging. This appears to be the same issue that was fixed earlier this year in pfsense, which is derived from an older fork of pf.

Monday, July 20, 2015

"I believe that we are rapidly transitioning from an Age of Information to an Age of Misinformation, and in many cases, outright disinformation." -- Al Seckel, in an interview published on Jeffrey Epstein's website, "Jeffrey Epstein Talks Perception with Al Seckel"

Mark Oppenheimer's long-awaited exposé on Al Seckel, "The Illusionist," has now been published and I urge all skeptics to read it. Seckel, the former head of the Southern California Skeptics and a CSICOP Scientific and Technical Consultant who was listed as a "physicist" in every issue of the Skeptical Inquirer from vol. 11, no. 2 (Winter 1987-88) to vol. 15, no. 2 (Winter 1991) despite having no degree in physics, has long been known among skeptical insiders as a person who was misrepresenting himself and taking advantage of others. Most have remained silent over fear of litigation, which Seckel has engaged in successfully in the past.

An example of a legal threat from Seckel is this email he sent to me on May 27, 2014:

Dear Jim,

News has once again reached me that you are acting as Tom McIver's proxy in
spreading misinformation and disinformation about me. Please be aware that
I sued McIver in a Court of Law for Defamation and Slander, and after a
very lengthy discovery process, which involved showing that he fabricated
letters from my old professors (who provided notarized statements that they
did not ever state nor write the letters that McIver circulated, and the
various treasurers who were in control of the financial books of the
skeptics, also came forth and testified that no money was taken, and McIver
was unable to prove any of his allegations. The presiding Judge stated that
this was the "worst case of slander and defamation" that he had ever seen.

Nevertheless, even with such a Court Order he is persisting, and using (and
I mean the term "using") you to further propagate erroneous misinformation.
Lately, he has been making his defamatory comments against various people,
and posting links to a news release article by the Courthouse News (a press
release service) that reports the allegations set forth in complaints. Just
because something is "alleged" does not mean it is True. It has to be
proven in a Court of Law. In this case, after a lengthy discovery process
(and I keep excellent records) the opposite of what was alleged was
discovered, and the opposing counsel "amicably" dismissed their charges
against me. The case was officially dismissed. In fact, the opposing
counsel has been active in trying to get the Courthouse News to actively
remove the entire article, and not just add a footnote at the end.

I note that you have been trying to add this link to my wikipedia page. I
have never met you, and am not interested in fighting with you. I am
attaching the official Court document that this case was filed for
dismissal by the opposing counsel. You can verify yourself that this is an
accurate document with the Court. So, once again, McIver has used you.
My attorneys are now preparing a Criminal Complaint against McIver for so
openly violating the Court Order (it is now a criminal offense), and will
once again open the floodgates of a slander and defamation lawsuit against
him and his family, and anyone else, who aids him willingly in this process.
This time he will not have his insurance company cover his defense. This
time that axe will come down hard on him.

For now, I will just think you are a victim, but please remove any and all
references to me on any of your websites, and that will be the end of it.
You don't want to be caught in the crossfire.

Contrary to what Seckel writes, we have, in fact, met--I believe it was during the CSICOP conference, April 3-4, 1987, in Pasadena, California. I am not an agent of Tom McIver, the anthropologist, librarian, and author of the wonderful reference book cataloging anti-evolution materials, Anti-Evolution, who Seckel sued for defamation in 2007, in a case that was settled out of court (see Oppenheimer's article). I have never met Tom McIver, though I hope I will be able to do so someday--he seems to me to be a man of good character, integrity, and honesty.

The news release Seckel mentions is regarding a lawsuit filed by Ensign Consulting Ltd. in 2011 against Seckel charging him with fraud, which is summarized online on the Courthouse News Service website. I wrote a brief account of the case based on that news article on Seckel's Wikipedia page in an edit on March 13, 2011, but it was deleted by another editor in less than an hour. Seckel is correct that just because something is alleged does not mean that it is true; my summary was clear that these were accusations made in a legal filing.

Seckel and his wife, Isabel Maxwell (daughter of the deceased British-Czech media mogul, Robert Maxwell), rather than fighting the suit or showing up for depositions, filed for bankruptcy. Ensign filed a motion in their bankruptcy case on December 2, 2011, repeating the fraud allegations. But as Seckel notes, Ensign did dismiss their case in 2014 prior to his sending me the above email.

So why should anyone care? Who is Al Seckel, and what was he worried that I might be saying about him? This is mostly answered by the Oppenheimer article, but there is quite a bit more that could be said, and more than what I will say here to complement "The Illusionist."

Al Seckel was the founder and executive director of the Southern California Skeptics, a Los Angeles area skeptics group that met at Caltech. This was one of the earliest local skeptical groups, with a large membership and prominent scientists on its advisory board. Seckel has published numerous works including editing two collections of Bertrand Russell's writings for Prometheus Books (both reviewed negatively in the Journal of Bertrand Russell Studies, see here and here). He has given a TED talk on optical illusions and authored a book with the interesting title, Masters of Deception, which has a foreword by Douglas R. Hofstadter. Seckel was an undergraduate at Cornell University, and developed an association with a couple of cognitive psychology labs at Caltech--in 1998 the New York Times referred to him as a "research associate at the Shimojo Psychophysics Laboratory." His author bios have described him as author of the monthly Neuroquest column at Discover magazine ("About the Author" on Masters of Deception; Seckel has never written that column), as "a physicist and molecular biologist" (first page of Seckel's contribution, "A New Age of Obfuscation and Manipulation" in Robert Basil, editor, Not Necessarily the New Age, 1988, Prometheus Books, pp. 386-395; Seckel is neither a physicist nor a molecular biologist), and, in his TED talk bio, as having left Caltech to continue his work "in spatial imagery with psychology researchers as [sic] Harvard" (see Oppenheimer's exchanges with Kosslyn, who has never met or spoken with him, and Ganis, who says he has exchanged email with him but not worked with him).

Seckel used to hang out at Caltech with Richard Feynman. As the late Helen Tuck, Feynman's administrative assistant, wrote in 1991, Seckel "latched on to Feynman like a leach [sic]." Tuck wrote that she became suspicious of Seckel, and contacted Cornell to find that he did not have a degree from that institution. You can see her full letter, written in response to a query from Tom McIver, here.

As the head of the Southern California Skeptics, Seckel managed to get a column in the Los Angeles Times, titled "Skeptical Eye." Most of his columns were at least partially plagiarized from the work of others, including his column on Sunny the counting dalmatian (plagiarized from Robert Sheaffer), his column on tabloid psychics' predictions for 1987 (also plagiarized from Sheaffer), and his column about Martin Reiser's tests of psychic detectives (plagiarized directly from Reiser's work). When Seckel plagiarized Sheaffer, it was brought to the attention of Kent Harker, editor of the Bay Area Skeptics Information Sheet (BASIS), who contacted Seckel about it. Seckel apparently told Harker that Sheaffer had given his permission to allow publication of his work under Seckel's name, which Sheaffer denied when Harker asked. This led to Harker writing to Seckel in 1988 to tell him about Sheaffer's denial, and to inform him that he, Seckel, was no longer welcome to reprint any material from BASIS in LASER, the Southern California Skeptics' newsletter. While most skeptical groups gave each other blanket permission to reprint each others' material with attribution, Harker explicitly retracted this permission for Seckel.

This is, I think, a good case study in how the problem of "affiliate fraud"--being taken in by deception by a member of a group you self-identify with--can be possible for skeptics, scientists, and other educated people, just as it is for the more commonly publicized cases of affiliate fraud within religious organizations.

This just scratches the surface of the Seckel story. I hope that those who have been fearful of litigation from Seckel will realize that, given the Oppenheimer story, now is an opportune time for multiple people to come forward and offer each other mutual support that was unhappily unavailable for Tom McIver eight years ago.

(BTW, one apparent error in the Oppenheimer piece--I am unaware of Richard Feynman lending his name for use by a skeptical group. He was never, for example, a CSICOP Fellow, though I'm sure they asked him just as they asked Murray Gell-Mann, who has been listed as a CSICOP Fellow since Skeptical Inquirer vol. 9, no. 3, Spring 1985.)

"Oh, like everyone else, I used to parrot, and on occasion, still do." -- Al Seckel (interview with Jeffrey Epstein)

Corrected 22 July 2015--original mistakenly said Maxwell was Australian.

Update 22 September 2015--an obituary has been published for Al Seckel, stating that he died in France on an unspecified date earlier this year, but there are as yet no online French death records nor French news stories reporting his death. The obituary largely mirrors content put up on alseckel.net, a domain that was registered on September 18 by a user using Perfect Privacy LLC (domaindiscreet.com) to hide their information. (That in itself is not suspicious; it is generally a good practice for individuals who own domain names to protect their privacy with such mechanisms, and I do it myself.)

Update 24 September 2015: French police, via the U.S. consulate, confirmed the death of Al Seckel on July 1, 2015. His body was found at the bottom of a cliff in the village of Saint-Cirq-Lapopie.

Update 21 December 2015: A timeline of Al Seckel's activities may be found here.

Path: bga.com!news.sprintlink.net!hookup!yeshua.marcam.com!charnel.ecst.csuchico.edu!nic-nac.CSU.net!news.Cerritos.edu!news.Arizona.EDU!skyblu.ccit.arizona.edu!lippard
From: lip...@skyblu.ccit.arizona.edu (James J. Lippard)
Newsgroups: sci.skeptic
Subject: Re: News of the CSICOP conference?
Date: 11 Jul 1994 15:59 MST
Organization: University of Arizona
Lines: 110
Distribution: world
Message-ID: <11JUL199415590395@skyblu.ccit.arizona.edu>
References: <forb0004.229.0036889A@gold.tc.umn.edu>
NNTP-Posting-Host: skyblu.ccit.arizona.edu
News-Software: VAX/VMS VNEWS 1.41
In article <forb0004.2...@gold.tc.umn.edu>, forb...@gold.tc.umn.edu (Eric J. Forbis) writes...
>I'm surprised that so little has been written about the recent conference on
>this group. Please, any who attended, tell all!
I had intended to write up a summary of the Seattle conference similar
to the one I did for the 1992 Dallas conference (which may be found
in /pub/anson/Arizona_Skeptic on netcom.com, in vol. 6 somewhere, over
two issues). Events conspired against me, however. My flight did
not arrive until the conference had already begun on Thursday night,
and I was quite disappointed to miss Robert Baker's presentation in the
session on alien abductions. I also brought only an old school notebook,
which I found contained only two blank sheets of paper in it. Then I
planned to view Becky Long's videotapes of the sessions afterward, but
her camera's battery recharger broke. So the following is all from memory.
I arrived at the conference on Thursday evening and was surprised to
find that the main conference room was completely full and an overflow
crowd was watching via closed-circuit television. This was the largest
CSICOP conference to date. I believe that for the alien abduction and
False Memory Syndrome-related sessions there were over 700 attendees.
(I seem to remember somebody telling me that, but we know how unreliable
human memory is.)
I showed up in the middle of a presentation by Thomas Bullard, who was
very impressed by what he claimed were amazing consistencies between
the accounts of abductees. He argued against the claim (made by Baker?)
that the motifs in abduction stories can be traced to "Close Encounters
of the Third Kind" by pointing out the same motifs in earlier abduction
claims. (Yeah, but what about earlier appearances of "Grey"-like aliens in
other science fiction?)
Next, John Mack spoke about why he was speaking at a CSICOP conference
and discussed the "intense polarization in ufology" between skeptics and
believers. He said that he was a skeptic about UFO abductions and that
he considers it to be an unsolved mystery. At times he sounded like
John Keel or Jacques Vallee--suggesting that aliens are interdimensional
creatures that can't be reduced to any known categories of human thought.
Like Bullard, he appealed to the consistency between testimonies.
I wrote down a series of questions he had for CSICOP and skeptics:
1. Why so much vehemence in these attacks? [on him, on abduction claims]
2. Why so much certainty?
3. Why do we attack the experiencers themselves?
4. Why do you attack writers of your own commissioned reports who
don't come up with the conclusions you want?
I have no idea what the last question is supposed to be referring to,
since CSICOP does not commission research. It sounds like a question
more appropriately addressed to MUFON regarding its treatment of
investigators of the Gulf Breeze UFO sightings.
Since Nicholas Spanos died tragically in an airplane crash just a
week or so before the conference, at the last minute clinical psychologist
William Cone from Newport Beach, Calif. was brought in. (He was already
a conference attendee.) He began by saying that he didn't bring any
slides, but if the whole audience would just look at the screen, research
shows that about 2% of us would see things on it anyway. Cone said that
he has worked with a few dozen abductees, including some in locked wards
of mental institutions. He argued that abduction research that he has seen
is very badly done, with the researchers imposing their views on their
subjects. He offered a number of possible answers to the question "Why
would anyone make up stories like this?": (1) for the money (he gave
a specific example from his own experience), (2) for notoriety and
attention (he said that he's had abductees tell him they had never told anyone
about their experience before, and then show up on a tabloid TV show a
week later), (3) for identity with a group of people.
He seemed to rebut most of the claims made by Bullard and Mack about
abductees.
Also added to the program was abductee and hypnotherapist Sharon
Phillip (?), who was brought in by Mack. She described her own
UFO sighting/abduction and promoted the usefulness of hypnotherapy.
Also present was Donna Bassett, who passed herself off as an abductee
in Mack's group and then went public in the _Time_ magazine article
about Mack. She stated that, just as women have been doing for
centuries, she faked it. She had very strong words of criticism for
Mack's methodology and claimed that his clients are telling Mack what
he wants to hear, but say other things behind his back. She accused him
of not getting informed consent from his clients about what they are
getting into.
Mack replied by saying that he could not discuss her case because
of confidentiality, but that he was not convinced that she *wasn't*
really an abductee. (He implied that he had reasons for thinking
this that he was not at liberty to discuss.) He flat out denied
parts of her story, such as the part about his breaking her bed
while sitting on it from his enthusiastic reaction to her story about
being on a UFO with JFK and Khrushchev. He also suggested that Phil
Klass had put her up to her hoax, since her husband had worked with
Klass at _Aviation Week_. This prompted the biggest outburst of
anger that I witnessed at the conference, from Klass, who stated that
he had not seen the Bassetts for many years and heard about the hoax
in the media like everybody else. He subsequently contacted them,
and was responsible for Donna Bassett's being invited to the CSICOP
conference.
There followed a series of audience questions and answers, including
several which expressed concern about Bassett being brought into the
conference without Mack's knowledge. Some of these concerned audience
members changed their minds when told that Mack was already well aware
of the specifics of Donna Bassett's charges as a result of the _Time_
story.
Well, that was Thursday, June 23. I'll comment further later about
the two Friday sessions and Carl Sagan's keynote address,
the three Saturday sessions and the luncheon talk about CSICOP and
the Law, and the Sunday session--or perhaps others can jump in.
Jim Lippard _Skeptic_ magazine:
lip...@ccit.arizona.edu ftp://ftp.rtd.com/pub/zines/skeptic/
Tucson, Arizona http://www.rtd.com/~lippard/skeptics-society.html

Newsgroups: sci.skeptic
From: shea...@netcom.com (Robert Sheaffer)
Subject: Re: News of the CSICOP conference?
Message-ID: <sheafferCsy5EI.n1t@netcom.com>
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
References: <forb0004.229.0036889A@gold.tc.umn.edu> <11JUL199415590395@skyblu.ccit.arizona.edu> <Jul13.044226.32392@acs.ucalgary.ca>
Date: Thu, 14 Jul 1994 20:11:05 GMT
Lines: 31
>In article <11JUL199...@skyblu.ccit.arizona.edu>,
>James J. Lippard <lip...@skyblu.ccit.arizona.edu> wrote:
>> I showed up in the middle of a presentation by Thomas Bullard, who was
>>very impressed by what he claimed were amazing consistencies between
>>the accounts of abductees. He argued against the claim (made by Baker?)
>>that the motifs in abduction stories can be traced to "Close Encounters
>>of the Third Kind" by pointing out the same motifs in earlier abduction
>>claims. (Yeah, but what about earlier appearances of "Grey"-like aliens in
>>other science fiction?)
I was going to comment about this at the conference, were it not such a
mob scene that getting to a microphone became nearly impossible:
Bullard was right to object to Baker's statement that 'all these grey
aliens come from the 1977 movie CEIIIK'. (Bullard went on to cite some
pre-1977 examples).
However, Marty Kottmeyer makes a pretty good case tracing the origin of the
_genre_ to Barney Hill who in March 1964 (date from memory: beware FMS)
sketched an alien that had supposedly abducted him. This drawing was
subsequently widely published. Marty found out, however, that an episode
of _The Twilight Zone_ had aired with a nearly-identical alien, just
A FEW DAYS before Barney made his sketch. (The individual sessions with
Dr. Benjamin Simon were all carefully dated and transcribed, and fan
books tell when each _Twilight Zone_ episode first aired.)
--
Robert Sheaffer - Scepticus Maximus - shea...@netcom.com
Past Chairman, The Bay Area Skeptics - for whom I speak only when authorized!
"As women and as lawyers, we must never again shy from raising our
voices against sexual harassment. All women who care about
equality of opportunity - about integrity and morality in the
workplace - are in Professor Anita Hill's debt."
-- Hillary Rodham Clinton, 8/9/92, at an American Bar
Association luncheon honoring Anita Hill
"I want to make it very clear that this middle class tax cut, in
my view, is central to any attempt we are going to make to have
a short term economic strategy and a long term fairness
strategy, which is part of getting this country going again."
-- candidate Bill Clinton, ABC News Primary Debate,
Manchester, New Hampshire, 1/19/92

Friday, April 25, 2014

I received the following spam email today (a link in the email claims, falsely, that I opted in for it in October 2013) from the Christine Jones for governor campaign. Jones is a former GoDaddy executive who looks like a terrible candidate for governor of Arizona.